Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
It uses BitDefender and Emsisoft.
See this post, or the thread on Ashampoo 2014.
thanks a lot for the info.
Replaced EMET with Sandboxie. The new version isn't causing GUI issues in FF like the last version was.
BitDefender and Emsisoft
Removed NoVirusThanks EXE Radar Pro 3. It is a nice program, but I need a HIPS = smart HIPS to guard the back doors too.
Note: never mind, I like NoVirusThanks EXE Radar Pro 3 too much; it will stay.
You have OA as HIPS?
Yes, it is my current HIPS.
I removed ESET AV and EMET and enabled SRP for all users.
I put him back on all machines four days ago.
I'm noticing a slight performance hit on W7, that I think is Scotty.
But I'm going to keep him around for awhile longer.
Sure is a nice program.
Performance hit due to Scotty!
I doubt that. I usually disable sounds and disable monitoring hidden files, file types and others. Maybe you can try that.
Emsisoft Antimalware free
ashampoo in near future
Running 7 x64 and didn't see a noticeable hit, but I took it off anyway. It'll be helpful to install it maybe once a month just to check on things, but with my setup I'm not seeing a need of having Scotty guard full-time.
After lots of reading and thinking about it, I decided that the Bromium Labs report isn't enough of a reason to abandon Sandboxie. For me its advantages outweigh any vulnerability BL say they found. Maybe someday those exploits will be used and reported by users, but until then why not use Sandboxie for its many strengths? IMHO.
But at the moment there is another problem that prevents me from being able to use Sandboxie. There is a conflict with just WSA running and also with just VoodooShield running. So I will load Sandboxie occasionally to see if the conflicts have been resolved, or maybe talk to WSA and VS about the problem. In the meantime I am seeing if I can stay safe without it.
Very impressive and nice setup as usual. Lot to learn.
Thanks, but word of caution: reducing attack surface is balancing on the edge between allowing just enough to keep the system functional and crossing the line in making it malfunctioning or even non-functioning. When disabling services, reducing registry/file access permissions and optimising GPO often the functional limitations appear some time after applying the tweak (so have a good image backup plan in place).
Example for Software Restriction Policies
- For all files and all users EXCEPT administrators
- Default level basic user
=> You need "Run MSI as Admin" tweak of Symantec
=> Clicking an executable in user space will show "program blocked by GPO"
=> Installing from user space works with right click "run as Administrator" only
=> Most .Net updates will fail (extract into temp directory and launch normally), so (.Net) security updates have to be done manually, disabling FW and SRP.
=> Alternative: De-install dotNet 4 after EMET 4 and disable 3.5 in Windows features (of Windows 7) and remove EMET agent from autorun
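A way to check that a machine actually carries the SRP settings listed in the post above, as an added PowerShell example that is not part of the thread. The function names are hypothetical, and the mapping of "all files" to `TransparentEnabled = 2` (DLLs included) is an assumption about what the poster meant.

```powershell
# Added example, not from the thread: audit the machine-wide SRP policy values.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Assumed mapping of the post's wording to SRP registry DWORD values.
$Expected = [ordered]@{
    DefaultLevel       = 0x20000  # Basic User (0x40000 = Unrestricted, 0x0 = Disallowed)
    PolicyScope        = 1        # all users except local administrators (0 = all users)
    TransparentEnabled = 2        # all software files incl. DLLs (1 = skip DLLs, 0 = off)
}

function Test-SrpPolicy {
    # $Actual: value name -> DWORD. Pass constructed data to run this offline.
    param([System.Collections.IDictionary] $Actual = @{})
    foreach ($name in $Expected.Keys) {
        $want = $Expected[$name]
        $have = if ($Actual.Contains($name)) { $Actual[$name] } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = '0x{0:X}' -f $want
            Actual   = if ($null -eq $have) { '<not set>' } else { '0x{0:X}' -f $have }
            Match    = ($null -ne $have) -and ($have -eq $want)
        }
    }
}

function Get-SrpPolicy {
    # Reads the live policy key; returns an empty table when no SRP policy exists.
    $values = @{}
    $props = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($name in $Expected.Keys) {
            if ($null -ne $props.$name) { $values[$name] = [int]($props.$name) }
        }
    }
    $values
}

# Constructed sample: scope is right, but the default level was left at
# Unrestricted and the enforcement value is missing.
$sample = @{ DefaultLevel = 0x40000; PolicyScope = 1 }
Test-SrpPolicy -Actual $sample | Format-Table -AutoSize

# On a live machine:
# Test-SrpPolicy -Actual (Get-SrpPolicy) | Format-Table -AutoSize
```

Any row with `Match` set to `False` means the default level or enforcement scope differs from what the post describes, which is worth re-checking after the manual .Net update procedure that disables SRP.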
I recently had to remove Sandboxie too. I thought it was a conflict with WSA but that wasn't the issue. I had nothing but Sandboxie installed and Firefox was still hanging and locked up after a few minutes of use. I'm sure it has to do with Win 8.1. I'll be trying to figure it out and post over at the forum.
I had the same problem with Sandboxie 4.06 and Firefox on Windows 7. The problem happened on sites that are using flash content. Firefox would become unresponsive and I had to kill the process. I solved the problem by disabling Flash protected mode.
If anyone has Chrome setup in EMET, would you please share your setup. Have you anything unticked?
Well if you doubt that, I must be wrong.
Everything is ticked and I've not run into any issues in the last weeks.
Here is detailed description of my security setup:
I have used these text colours:
- active protection is in green
- on-demand tools are in blue
- hardening, mitigations and others are in orange
System configuration and hardening:
• Operating system: Windows 7 Ultimate SP1 64 bit
• User Account Control: I have set UAC control on 'Always notify'. All changes to my computer need administrator approval.
• Software Restriction Policy: SRP is set for non-administrators.
• Autorun / Autoplay: This feature is disabled. Everything that needs to be run is run manually.
• Services: All unnecessary services are disabled. Some services have startup type changed from "Automatic" to "Manual" and are run on-demand.
• Windows 7 features: Unnecessary and unused Windows features are turned off.
• User Accounts: Built-in Administrator and Guest accounts are disabled.
• Router: Whole network is behind router with SPI firewall. Unsolicited inbound connections are blocked. Router has access from Wan and UPnP disabled.
• Wireless: Wireless access to network is secured with strong password. WPA2-PSK AES encryption is used.
• Firewall: Windows 7 built-in firewall is enabled and blocks unsolicited inbound connections. Outbound connections are not monitored.
System and applications security:
• Sandboxie: Chrome, Firefox and IE are always run in separate sandboxes. This is how SBIE is set:
- container folder is set on RamDisk
- immediate recovery to download folder is enabled
- content of sandbox is deleted when the last sandboxed program ends
- browsers are run with dropped rights
- browsers have blocked access to personal data
- browsers have direct access only to bookmarks
• ESET Nod32 AV: Nod is protecting my system from malware. It is monitoring my file system, Outlook database and http traffic.
• Acronis True Image: System image is created once a week to another HDD.
• Keepass: All logins are stored in password protected database. Unique password is used for each login.
• Truecrypt: All sensitive data is stored in password protected encrypted container.
• CCleaner: MRUs, temporary files and other junk files are deleted at least once a day.
• Recuva: It is used to recover accidentally deleted files and wipe deleted files from non SSD drive.
Internet security and privacy:
• Adblock Plus: ABP extension makes my internet experience clean. EasyList, Malware Domains and EasyPrivacy filters are enabled.
• OpenDNS: OpenDNS provides reliable internet connection and protects from phishing websites.
• Other mitigations: No Java installed. No Flash for IE.
Online banking security:
• Banking environment: All banking is conducted in sandboxed Chrome after previous browsing session is closed, all sandboxed processes are ended and all data in sandbox is deleted.
• Paypal: Only payments through Paypal for online purchases are used. No online merchant gets my credit card information.
• HitmanPro: I run default scan once a day.
• Emsisoft Emergency Kit: Once a week smart scan is run.
• VirusTotal Uploader: Uploader is used to upload and scan individual files on online service's site.
• Windows Update: Windows update is used to update system and other software from Microsoft.
• Secunia PSI: Scan is run once a week to check for security updates for my system and applications.
Other security related tools:
• Virtualbox: Virtualbox provides me virtual environment for testing purposes.
• Autoruns: Autoruns is run once a week to check all startup items.
• Process Explorer: It is used as replacement for Windows Task Manager.
Ah I understand now.
Now that's a setup in detail.
Ashampoo Antivirus with Bitdefender/Emsisoft + Webroot Secure Anywhere + MalwareBytes Antimalware, all real time protection. Works great together. Plus Chrome and Wfw.